DNS Configuration

DNS Configuration

DNS configuration on Ubuntu has become more complex as systemd-resolved replaced the traditional /etc/resolv.conf approach. Understanding how DNS resolution flows — from application to NSS to systemd-resolved to the upstream DNS server — helps you configure it correctly and troubleshoot resolution failures efficiently.

How DNS resolution works on Ubuntu

Application: getaddrinfo("google.com")
      ↓
NSS (Name Service Switch) — reads /etc/nsswitch.conf
      ↓
/etc/hosts checked first (if "files" comes before "dns" in nsswitch.conf)
      ↓
systemd-resolved (listening on 127.0.0.53:53)
      ↓
/etc/resolv.conf → nameserver 127.0.0.53 (stub resolver)
      ↓
Upstream DNS servers (8.8.8.8, 1.1.1.1, etc.) — configured per-interface

systemd-resolved

# Check systemd-resolved status
systemd-resolve --status

Relevant output section

Link 2 (ens3)
      Current Scopes: DNS
DefaultRoute setting: yes
       LLMNR setting: yes
MulticastDNS setting: no
  DNSOverTLS setting: no
      DNSSEC setting: no
    DNSSEC supported: no
  Current DNS Server: 8.8.8.8
         DNS Servers: 8.8.8.8
                      1.1.1.1

# Verify /etc/resolv.conf points to systemd-resolved stub
cat /etc/resolv.conf | head -5

Correct output (stub resolver)

# This is /etc/resolv.conf managed by man:systemd-resolved(8).
nameserver 127.0.0.53
options edns0 trust-ad

⚠️ WARNING: Do NOT edit /etc/resolv.conf directly on Ubuntu — it is a symlink managed by systemd-resolved. Direct edits will be overwritten. Configure DNS through Netplan (persistent) or resolvectl (runtime only). If your /etc/resolv.conf is not a symlink, it was manually broken. Fix: sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

Configuring DNS in Netplan

# In /etc/netplan/00-installer-config.yaml:
network:
  version: 2
  ethernets:
    ens3:
      dhcp4: false
      addresses: [192.168.1.10/24]
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 1.1.1.1]
        search: [example.com, corp.example.com]   # DNS search domains

sudo netplan apply

# Verify systemd-resolved picked up the new DNS servers
resolvectl status | grep -A5 "Link 2"

The /etc/hosts file

# /etc/hosts: static name-to-IP mappings, checked BEFORE DNS
# Use for: local development overrides, cluster node names, test environments
cat /etc/hosts

/etc/hosts format

127.0.0.1   localhost
127.0.1.1   myserver.example.com myserver    # hostname resolution

# Cluster node entries:
10.0.1.10   db-master.corp db-master
10.0.1.11   db-replica.corp db-replica
10.0.1.20   app-01.corp app-01

# nsswitch.conf controls lookup order (default: files before dns = hosts file first)
grep hosts /etc/nsswitch.conf

Output

hosts:          files mdns4_minimal [NOTFOUND=return] dns

Testing DNS resolution

# Test basic resolution
dig google.com
nslookup google.com    # Alternative

# Test resolution using a specific DNS server
dig @8.8.8.8 google.com       # Test against Google DNS directly
dig @127.0.0.53 google.com    # Test via systemd-resolved stub

# Measure resolution time
dig +stats google.com | grep "Query time"

# Check what DNS server will be used
resolvectl query google.com    # Shows which interface/server resolved it

# Flush the DNS cache
sudo resolvectl flush-caches

# Check cache statistics
resolvectl statistics

Conclusion

On Ubuntu, DNS is managed by systemd-resolved. Configure upstream DNS servers via Netplan (for persistence), not by editing /etc/resolv.conf directly. Use resolvectl status to verify which DNS servers are configured per interface and whether they are reachable. The /etc/hosts file provides local overrides that take precedence over DNS — useful for development and for adding short names for cluster nodes. Test resolution with dig google.com and verify response time is normal (under 100ms for a cached result, under 500ms for an uncached query).